From a89b2c8a1f577f4b7d025671627683cddddbd8a4 Mon Sep 17 00:00:00 2001
From: Christine Dodrill
Date: Sat, 26 Jan 2019 10:27:02 -0800
Subject: infosec better
---
 idp/idpmiddleware/middleware.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/idp/idpmiddleware/middleware.go b/idp/idpmiddleware/middleware.go
index 3ffb700..5a2bdc9 100644
--- a/idp/idpmiddleware/middleware.go
+++ b/idp/idpmiddleware/middleware.go
@@ -111,7 +111,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
 ln.Log(ctx, ln.Info("setting cookie"))
 http.SetCookie(w, &http.Cookie{
 Name: "within-x-idpmiddleware",
- Value: hash(me+bootTime.String(), idpServer),
+ Value: hash(me, bootTime.String()),
 HttpOnly: true,
 Expires: time.Now().Add(900 * time.Hour),
 Path: "/",
@@ -129,7 +129,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
 }
 cookie, err := r.Cookie("within-x-idpmiddleware")
- if err != nil || cookie.Value != hash(me+bootTime.String(), idpServer) {
+ if err != nil || cookie.Value != hash(me, bootTime.String()) {
 u, err := url.Parse(idpServer)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
--
cgit v1.2.3
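Review bot: The session cookie value in the first hunk, `hash(me, bootTime.String())`, is derived only from the identity URL and the process start time, and neither is a secret. The definition of `hash` is outside the hunk, but unless it mixes in a key held elsewhere, the value is the same for every session and can be recomputed by anyone who learns the start time. Dropping `idpServer` from the inputs does not change that, and the check in the second hunk recomputes the same value. Consider drawing a random key from `crypto/rand` once at start-up and using it as the HMAC key, or issuing a random per-session token. The `http.Cookie` literal continues past the hunk, so whether `Secure` and `SameSite` are set is not visible; if they are not, add `Secure: true` and `SameSite: http.SameSiteLaxMode`.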
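Review bot: The check in the second hunk, `cookie.Value != hash(me, bootTime.String())`, compares an authentication token with `!=`, which is not a constant-time comparison. Compute the expected value once and compare with `subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(want)) != 1` from `crypto/subtle`, keeping the `err != nil ||` guard in front so a missing cookie is never dereferenced. A short comment such as `// cookie missing or not issued by this process: restart the IdP login flow` would also make the branch's intent clear. The enclosing handler begins and ends outside the hunk.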